Mail.Ru Forums Hack Sees 25 Million Accounts Stolen


Hackers have stolen over 25 million forum accounts hosted by Russian internet giant Mail.ru.

Separate attacks carried out in three game-related forums in July and August have resulted in a staggering 25 million accounts compromised by hackers targeting Mail.ru, a Russian internet and services giant.

One forum alone accounted for nearly half of the breached data, with just under 13 million accounts compromised, while the other two totaled over 12 million records.

A copy of the stolen cache of data was obtained by breach notification website LeakedSource, which revealed the compromised subdomains.

While the hackers remain unknown, it is widely believed that they compromised the older vBulletin forum software simply by using known SQL injection exploits against vulnerabilities in the forum software.

Among other data, the hackers were able to obtain users’ email addresses, usernames, scrambled passwords and birthdays. Alarmingly, some of the compromised forums had even recorded IP addresses and phone numbers of registered users.

Speaking to ZDNet, a member of LeakedSource revealed that 12 million passwords, or half of the stolen data, were easily cracked using commonly accessible cracking tools.

LeakedSource wrote in its blog post:

“Not a single website used proper password storage, they all used some variation of MD5 with or without unique salts.”

Furthermore, the most commonly used passwords include all the usual suspects. Depressingly, the top 10 most used passwords in the *.mail.ru communities are:

  • 123456789
  • 12345678
  • 123456
  • 1234567890
  • Quertyuipop
  • 123123123
  • 11111111
  • 1q2w3e4r5t
  • 1a2w3e4r
  • 987654321
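
The storage weakness LeakedSource describes, next to a hardened alternative, as an added example that is not code from Mail.ru, vBulletin or LeakedSource. The choice of PBKDF2-HMAC-SHA256, the iteration count, the minimum length and all function names are assumptions; the common-password set is the list above.

```python
import hashlib
import hmac
import os

# The ten most-used passwords listed in the article; refused at registration.
COMMON_PASSWORDS = {
    "123456789", "12345678", "123456", "1234567890", "Quertyuipop",
    "123123123", "11111111", "1q2w3e4r5t", "1a2w3e4r", "987654321",
}
ITERATIONS = 600_000  # assumed work factor; tune to your hardware
MIN_LENGTH = 10       # assumed policy value, not taken from the article

def legacy_md5(password: str) -> str:
    """Weak scheme named in the article: unsalted MD5, 32 hex characters."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password: str) -> str:
    """Per-user random salt plus a slow KDF, stored as scheme$iter$salt$hash."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def is_acceptable(password: str) -> bool:
    """Registration-time check: long enough and not on the common list."""
    return len(password) >= MIN_LENGTH and password not in COMMON_PASSWORDS

def verify_and_upgrade(stored: str, password: str):
    """Return (ok, record). A legacy MD5 record is re-hashed on a good login."""
    if stored.startswith("pbkdf2_sha256$"):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex), stored
    # Legacy path: unsalted MD5 record left over from the old forum database.
    ok = hmac.compare_digest(legacy_md5(password), stored)
    return ok, (hash_password(password) if ok else stored)

if __name__ == "__main__":
    # Constructed sample: two users who picked the same common password.
    a, b = legacy_md5("123456789"), legacy_md5("123456789")
    print("unsalted MD5 records identical:", a == b)
    print("salted KDF records identical:",
          hash_password("123456789") == hash_password("123456789"))
    ok, upgraded = verify_and_upgrade(a, "123456789")
    print("login ok:", ok, "-> now stored as", upgraded.split("$")[0])
```

Because unsalted MD5 maps every user of the same password to the same digest, one guess tests the whole table at once; the per-user salt and slow KDF remove that shortcut, and the upgrade path lets old records be replaced as users log in.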

Notably, many of Mail.ru’s forums ran unpatched and outdated versions of vBulletin software. Some of the software dated back to early 2013.

Despite the staggering numbers and the clear lack of a proper cybersecurity infrastructure to safeguard its users’ accounts, Mail.ru played down the incident. A spokesperson stated:

“They are old passwords to the forums of game projects that Mail.ru Group acquired over the years. All Mail.ru Group’s forums and games have been using a secure integrated authorization system for a long time by now. These passwords have never been related to email accounts and other services of the company in any way.”
